The README only highlights the scripts most users reach for first. See the full 89-script list with purpose notes in the Script Inventory wiki. generate_report.py Self-contained browser dashboard for ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.